US11063957B2 - Method and arrangement for decoupled transmission of data between networks - Google Patents

Method and arrangement for decoupled transmission of data between networks

Info

Publication number
US11063957B2
Authority
US
United States
Prior art keywords
data
network
communication
application
captured
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US15/742,930
Other languages
English (en)
Other versions
US20180375876A1 (en)
Inventor
Uwe Blöcher
Rainer Falk
Jens Reinert
Martin Wimmer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG
Assigned to SIEMENS AKTIENGESELLSCHAFT. Assignment of assignors' interest (see document for details). Assignors: FALK, RAINER; BLÖCHER, Uwe; REINERT, JENS; WIMMER, MARTIN
Publication of US20180375876A1
Application granted
Publication of US11063957B2
Legal status: Active
Adjusted expiration

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • The following relates to a method and an arrangement for decoupled transmission of data between networks with different security requirements, for example between industrial control networks and less critical diagnosis networks.
  • Solutions for the transmission of data between networks with different security requirements, known as cross-domain security solutions, have so far been used in specific areas such as official communication, in which high security requirements apply and documents and information carry a security classification.
  • A cross-domain solution realizes the automated secure exchange of documents and messages, such as e-mails, between zones with different levels of security requirements.
  • An essential component in this case is a data diode, which ensures unidirectionality of the data communication, that is to say transport of data in just one direction.
  • U.S. Pat. No. 8,068,415 B2 discloses a data diode consisting of a transmission component and a reception component that are connected by an optical transmission line or shielded twisted copper lines, which thereby realize unidirectional data transmission.
  • The transmission component in this case is a proxy that is introduced into the data communication.
  • Such a transmission component cannot reliably ensure decoupled data transmission.
  • Moreover, such a transmission component is located in the communication path of the safety-critical network, which means that end-to-end communication between network components is interrupted.
  • A data transmission between two networks is decoupled if, during or as a result of the data transmission, no signals or data are introduced into the sending network and no data in the first network can be altered.
  • The decoupling is meant to be ensured not only in respect of signals being introduced or changed by an external communication subscriber; the solution itself is meant to be decoupled.
  • Known data diodes that realize a limited return channel, e.g. for the acknowledgement of TCP packets, therefore cannot be considered decoupled.
  • Data diode solutions that require a specific transmission component to be introduced into the communication path are likewise unsuitable.
  • Such data diodes therefore do not guarantee decoupling and do not fulfil the required Q factor, as demanded for the licensing of industrial control networks, for example.
  • Moreover, such a data diode is not suitable for high-availability networks, for example with redundant transmission paths or ring topologies, since a central transmission component breaks the redundancy of the network and would require multiple data diodes, which are expensive and complex to set up.
  • An aspect relates to a solution for decoupled data transmission between networks, particularly networks with different security requirements and high availability, in a simple and inexpensive fashion.
  • In the method, first data are transmitted in a first network with high security requirements by a first application, in a communication exclusively between components within the first network, via multiple transmission lines, wherein the data are captured in decoupled fashion in the first network by at least one monitoring device per transmission line and are transmitted to a second network with lower security requirements.
  • The first data of a first application in the first network are thus transmitted exclusively between components within the first network; this is therefore an end-to-end communication.
  • This end-to-end communication is not broken in embodiments of the invention: the communication is merely monitored, not interrupted by a separate component that does not belong to the first network. This reliably ensures decoupling, i.e. it is certain that no new data of any kind are introduced into the first network by the transmission to the second network.
  • No data within the first network are altered and no data are added to the first network, since the monitoring merely comprises copying the data or data packets and transmitting the copies to a second network.
  • The data packets are not evaluated in the monitoring device.
  • The capture of the first data by a monitoring unit is therefore a function that is completely transparent to the communication in the first network.
  • At least one monitoring unit per communication link ensures that, in a first network of redundant design, the first data can still be reliably captured on the remaining communication links even if one of them fails. If data are transmitted via multiple communication links either simultaneously or alternately, at least one monitoring unit per communication link again ensures that all the data are captured. From the capture of the data on different communication links, further information or plausibility checks can also be derived. Even in the case of bidirectional communication between the components of a first network via different communication links, capture of the data in both directions is ensured.
  • The method is likewise suitable for tapping off realtime-critical communication, since the first data can be copied without significant delay.
  • This includes realtime-relevant information, e.g. for realtime-critical control or regulation of an automation system.
  • A first application is, for example, a diagnosis function, in which diagnosis messages are transmitted within a control network, or a segment of the control network, from a component of the control network to a component configured as a diagnosis server within the control network.
  • A second application may be, for example, the control function, in which control messages, e.g. for a train protection network, are likewise transmitted between the components of the first network.
  • The monitoring device is not an additional transmission component that is inserted into the communication as a proxy, for example. Only data that are transmitted anyway are monitored passively. There is therefore also no additional component for explicitly sending data from the second network to the first network.
  • In a further embodiment, second data of a second application are transmitted between components within the second network, wherein the data are captured in the second network by at least one second monitoring device and are transmitted to the first network.
  • A reconstructed communication of the second application is created from the captured data and, only in the event of successful reconstruction, second data are transmitted to components of the first network.
  • Two monitoring devices are thus combined, each of which works autonomously.
  • The first realizes decoupled one-way communication from the first network to the second network, as described previously.
  • The second realizes a controlled return channel.
  • The first monitoring device remains decoupled, as described above.
  • The second component can admittedly feed a communication into the first network, but without there being a network connection from the second network to the first network. This reliably prevents the communication in the first network from being influenced by a communication in the second network.
  • In one embodiment, all the captured data are stored in a data memory unit in unfiltered fashion.
  • The first data are filtered by a filter unit in the second network and the second data are filtered by a filter unit in the first network.
  • The first and second data of the first and second applications are filtered by evaluating the captured data with regard to an application-specific identifier.
  • If diagnosis data are transmitted on a logically separated diagnosis network of the first network, for example, then the applicable diagnosis data are denoted, and can be separated, by an applicable diagnosis network identifier, e.g. a VLAN tag. The data of interest, in this case the diagnosis data of a first application, can therefore be reliably filtered from the entire captured data stream.
  • A reconstructed communication of the first and second applications is created in the second and first networks, respectively, from the first and second data in a reconstruction unit.
  • The communication of the first and second applications is reconstructed by using only response data packets that explicitly belong to a request message.
  • The first data and the second data are stored in a data server and transmitted to components of the second and first networks, respectively, by an external command, at the request of those components, or on the initiative of the data server itself.
  • A transmission instant for the captured data is recorded and stored together with the captured data, particularly in digitally signed fashion.
  • The arrangement according to embodiments of the invention for decoupled transmission of data between networks with different security requirements comprises at least one monitoring device per communication link, configured to capture data in decoupled fashion from the respective communication link in the first network and to transmit said data to a second network with lower security requirements, and a data memory unit that is arranged in the second network and stores the captured data.
  • At least one monitoring unit per communication link is used to establish decoupled network monitoring, or a side channel, in order to capture data transmitted within a first security-relevant network. The arrangement can thus be used particularly for security-relevant networks, such as control networks, in which security-relevant control communications are transmitted via the same physical infrastructure as other data, such as diagnosis data.
  • The use of multiple monitoring components, particularly at least one per communication link, means that the first data are reliably captured and transmitted to the other network even if a communication link fails. If the multiple communication links carry different partial volumes of data of the first application, such as signaling messages and payload data, then all the partial volumes can be reliably captured.
  • A monitoring device is arranged at two locations, for example upstream and downstream of a diagnosis server, or on each redundancy segment when there are redundant transmission paths.
  • The arrangement is therefore suitable for high-availability networks, for example security networks.
  • In a further embodiment, the arrangement additionally comprises at least one second monitoring device, configured to capture data in the second network and to transmit said data to the first network, and a second reconstruction unit, configured to create a reconstructed communication of the second application from the captured data and, only in the event of successful reconstruction, to transmit second data to components of the first network.
  • The passive monitoring of the communication in the second network means that no dedicated transmission or reception component is needed for the data transmission between the networks. Influence on the first network by the data transmission is therefore minimized.
  • The first and second monitoring units are in the form of a network output coupler, for example a network tap; or of a device having a network interface to the first network whose transmit contacts are deactivated; or of an output coupling device for electromagnetic emitted radiation.
  • All the cited forms of monitoring unit capture the data on the communication link on which they are arranged in a passive manner, that is to say only data or signals are captured, without any way of introducing data into the communication link. This also rules out the forwarding of altered signals and data within the respective network.
  • Such monitoring devices are readily and inexpensively available. A copy of the signals and data is thus obtained in a simple manner, so a protocol break is avoided and protocol independence is achieved.
  • The arrangement comprises a data memory unit that is configured to store all the captured data in unfiltered fashion.
  • The arrangement additionally comprises a filter unit that is configured to filter the first data and the second data from all the captured data. Moreover, the arrangement additionally comprises a reconstruction unit that is configured to reconstruct the communication of the first application by evaluating only response data packets that explicitly belong to a request message.
  • The captured volume of data is thereby reduced, by way of example to the communication of one particular application.
  • The arrangement additionally comprises a data server that is configured to store the reconstructed first and second data.
  • The data server may in this case be set up to transmit the data to the receiving network by means of an external command, at the request of components of the receiving network, or on the initiative of the data server itself.
  • A computer program product (a non-transitory computer-readable storage medium having instructions which, when executed by a processor, perform actions) according to embodiments of the invention, which is directly loadable into a memory of a digital computer, comprises program code parts suitable for performing the steps of the method described.
  • FIG. 1 shows a flowchart of a first exemplary method according to embodiments of the invention;
  • FIG. 2 shows a flowchart of a second exemplary method according to embodiments of the invention;
  • FIG. 3 shows, in a schematic depiction, a first exemplary arrangement according to embodiments of the invention for transmitting data from a security-critical first network to a less security-critical second network, with an embodiment of a monitoring unit according to embodiments of the invention;
  • FIG. 4 shows, in a schematic depiction, a second exemplary arrangement according to embodiments of the invention for transmitting data from a less security-critical second network to a security-critical first network.
  • Networks with high security requirements are, for example, control networks in an automation installation, by means of which production components are connected to one another and controlled. Similar requirements also exist in control networks for train protection networks or power distribution installations, for example.
  • Security-critical networks of this kind are for the most part closed, or at least access-controlled, control networks with bidirectional communication between individual components, such as field devices and control computers, diagnosis computers or surveillance computers. The communication is frequently realtime-critical and/or security-critical. End-to-end communication exists within the control network.
  • The communication network is usually equipped with redundant communication links or transmission paths, e.g. a dual bus system or a ring topology. Multiple communication links may also be used depending on the network load. Frequently, the same communication links are used to transmit data of different applications, such as control and diagnosis of the components, with merely virtual separation, for example by separate VLANs. Diagnosis data, for example, are transmitted by components such as field devices to a diagnosis server within the closed control network.
  • To transmit first data, for example diagnosis data of a diagnosis application, to a second, less security-critical network, in this case the office network, without influencing the first network, the following steps are performed:
  • In the first method step 1, first data of a first application are transmitted in the first network.
  • The first data are captured by at least one monitoring unit per communication link in the first network and duplicated.
  • The duplicated data are transmitted from the monitoring device to a second network.
  • The monitoring unit merely taps off the first data from the communication link, i.e. it copies the data and routes the copied data to the second network.
  • The first data are not altered in the first network in this case, but are forwarded to the communication partner in the first network without delay.
  • The monitoring is not detectable in the first network. No additional data of any kind are introduced into the first network by the monitoring unit, nor generated during the duplication. Similarly, alteration of the data forwarded within the first network is precluded.
  • The monitoring is therefore a transparent action in the first network, passive with respect to the first data.
  • The method is particularly suitable for realtime-relevant communication.
  • The use of at least one monitoring device per communication link ensures that all the transmitted first data of the communication are captured even if a communication link fails or if the transmission switches between the communication links over time. If the first network is designed with a ring topology, then each of the two communication links adjacent to the diagnosis server, for example, is monitored.
  • FIG. 2 shows a further embodiment of the method, in which, in addition to the communication from the first to the second network, a communication from the second network with lower security requirements to the first, security-critical network is also depicted.
  • Second data of a second application are transmitted between components within the second, less security-critical, network.
  • These may be configuration data or software, for example, that are to be made available to the first network by the second network. In this case too, it must be ensured that filling a data or loading server in the first network, for example, cannot influence the control communication.
  • The data are captured in the second network by at least one second monitoring device and, in method step 7, are transmitted to the first network.
  • A reconstructed communication of the second application is then created from the captured data and, in method step 9, is transmitted to the first network only if the second data have been reconstructed successfully.
  • The data transmitted to the second network are stored in a data memory unit.
  • The first data can be filtered from all the captured data by a filter unit in the second network. Correspondingly, the second data can be filtered after their transmission to the first network.
  • For this purpose, a VLAN tag or other application identifier in the data packets can be evaluated, for example.
  • The communication of the first and second applications can be reconstructed from the filtered first and second data. This makes it possible to ensure that captured data are associated with the correct application and, by way of example, that erroneous communication within the first and second applications is registered. Measures can then be derived from this, for example a warning or the omission of the applicable data.
  • The data transmitted to the second and first networks can also be stored in unfiltered fashion and used for surveillance of the first network.
  • A transmission instant for the captured data is advantageously recorded.
  • The captured data and the transmission instant are advantageously stored in digitally signed fashion. Any manipulation of the data can thus be spotted, and evaluation can be restricted to data with a correct digital signature. From this, possible manipulation of the data can be inferred.
  • FIG. 3 now shows an arrangement 10 for transmitting first data from the first network 11 with high security requirements to a second network 12 with lower security requirements.
  • Multiple components 13.1, 13.2, 13.3, such as field devices, a control computer 15 and a diagnosis server 14 are connected to one another via a redundant first network.
  • The redundant network is in this case depicted as a dual bus with communication links 16.1, 16.2, for example.
  • Each component 13.1, 13.2, 13.3, 14, 15 is connected via a respective network interface to each of the two communication links 16.1, 16.2.
  • The network protocol used is the Internet Protocol, version 4 or version 6, for example.
  • The network infrastructure is used to transmit not only the highly security-critical control data but also diagnosis data. These can be transmitted, for example, by means of the OPC UA (Open Platform Communications Unified Architecture) protocol, the Simple Network Management Protocol (SNMP) or a syslog protocol.
  • The aim is now to transmit first data, in this case the diagnosis data, for example, to the second network 12 in a fashion decoupled from the first network 11 and while maintaining the integrity of the data.
  • The first data are then evaluated in said second network.
  • At least one monitoring device 17.1, 17.2 of the arrangement 10 is associated with each of the redundant communication links 16.1, 16.2.
  • The two monitoring devices 17.1, 17.2 independently capture the respective data transmitted on the first and second communication links 16.1, 16.2, create a copy of the data, and transmit the copy to a data memory unit 18 in the second network 12, where it is stored.
  • The data memory unit 18 of the arrangement 10 can additionally record the time of transmission of the first data to the second network 12 and store it as logging data, for example with a digital signature computed over the data and the time.
  • The monitoring devices 17.1, 17.2 are purely passive network components.
  • A monitoring unit may, by way of example, be configured as a network output coupler that copies the data packets, or as an output coupling device that detects the electromagnetic fields emitted by the communication line and converts them into signals and data.
  • The data memory unit 18 can be used to store, and in particular archive, the data captured from the first network in unfiltered and in reconstructed fashion for monitoring purposes.
  • The digital signature allows subsequent manipulation to be discerned, so that data transmissions are checkable and verifiable. This is advantageous particularly for security-relevant networks that require licensing.
  • Filtering of the first data by the filter unit 19 of the arrangement 10 is possible using VLAN tags at the transmission level, an application-specific identifier at the transport level, or an identifier at the protocol level above that, for example.
  • First data that exist redundantly can be compared in a reconstruction unit 20, and just one of the data packets is then used for the reconstruction.
  • In the reconstruction unit 20, the communication of the first application is reconstructed, for example by capturing only such first data as can be associated with a request message, or additionally by requiring a temporal correlation between request message and response data packet, corresponding to a prescribed interval of time, for example.
  • The first data are then provided in the form of a database or an XML file, for example, and stored in a data server 21 of the arrangement 10.
  • The first data can be queried and evaluated as a whole or in portions.
  • FIG. 4 now shows decoupled transmission of data from a second, less security-relevant network to a security-critical first network 11.
  • This is advantageous, by way of example, for the remote loading of software, firmware, configuration data or operating data, such as timetable data, which are to be made available within the security-critical first network 11.
  • It must be ensured that filling a data server 121, in this case a loading server in the first network, for example, cannot influence the control communication in the first network 11.
  • The first network 11 comprises components 113.1, 113.2, 113.3, a first application server 114, for example a diagnosis server, a second application server 115, for example a control server, and a data server 121.
  • These network components are redundantly connected to one another, for example via two respective network interfaces to a data bus having a dual layout, by means of communication links 116.1, 116.2.
  • The data server 121 is connected to a reconstruction unit 120 of the arrangement 100.
  • Second data, such as software versions, firmware or configuration or operating data, for example, are transmitted from a provision client 123.1 to an external "dummy" loading server 123.2 via a communication link 126.
  • The arrangement 100 comprises a monitoring unit 117 that duplicates the second data during their transmission on the communication link 126 in the second network 12 and transmits them to a data memory unit 118 of the arrangement 100.
  • The arrangement 100 moreover comprises a filter unit 119 and a reconstruction unit 120, corresponding to those of the arrangement 10.
  • The data memory unit 118 can be used, as in the arrangement 10, to store the captured data in unfiltered fashion and to archive them together with a transmission instant, for example for surveillance purposes.
  • The filter unit 119 is configured to filter the second data from the data captured by the monitoring units 117.1, 117.2 and to forward said second data to the reconstruction unit 120.
  • The reconstruction unit 120 is configured to transmit the second data of a reconstructed communication of the second application to the loading server 121 in the first network 11 only after a successful reconstruction.
  • The arrangement 100 can be used for the controlled roll-out of software patches, for example.
  • For this purpose, a validation unit is set up in the external loading server 123.2, for example.
  • The provision client 123.1 uses the communication link 126 to send a start message to the loading server 123.2 and subsequently begins transmission of the second data to the loading server 123.2.
  • The second data are checked by the validation unit in the loading server 123.2, for example by means of a virus scan, on the basis of a positive list (allow list) or by means of a signature check.
  • The external loading server 123.2 then sends an acknowledgement message to the provision client 123.1.
  • The start message, the second data and the concluding acknowledgement message are transmitted via the monitoring unit 117 from the second network to the first network, where they are evaluated and reconstructed by the filter unit 119 and the reconstruction unit 120. Only when the acknowledgement message has been received and can be associated with the start message in the reconstruction unit 120 are the reconstructed second data output to the data server 121 in the first network 11.
  • The transmission of the second data from the loading server 121 to the components 113.1, 113.2, 113.3, 114, 115 of the first network 11 can be started manually by a service engineer.
  • The data server 121 in the first network thus prevents direct and automatic installation of loaded data on the components of the first network.
  • The check on the second data to be loaded is performed in the second network by the external loading server 123.2, so that no additional load arises for this in the first network 11.
  • A fresh transmission of the second data in the second network 12 after their validation in the second network is unnecessary. Manipulation of the second data in the second network 12 after validation is therefore not possible.
  • The individual units of the arrangement 10, 100 may be configured in integrated form or as physically separate units.
  • The data server 121, depicted as a physically separate unit in FIG. 4, may also be configured in a fashion integrated with the arrangement 100.
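
The description above filters the first data, e.g. diagnosis traffic, out of the complete captured stream by an application identifier such as a VLAN tag (filter unit 19). The following is an added example of such a filter unit, not code from the patent or from Siemens: it parses the 802.1Q header of each captured Ethernet frame, masks off the priority bits, and keeps only frames on the diagnosis VLAN. The frames, MAC addresses and VLAN numbers are constructed for the demo and are assumptions.

```python
"""Filter unit for captured frames (added example, not the patent's own code).

Parses the Ethernet header plus an optional 802.1Q tag of every captured frame
and selects the frames of one application by VLAN id. Untagged or malformed
frames are dropped rather than guessed at. Frames and VLAN numbers below are
constructed for the demo.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

ETHERTYPE_VLAN = 0x8100   # IEEE 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800

DIAGNOSIS_VLAN = 100      # assumption: VLAN carrying the diagnosis application
CONTROL_VLAN = 200        # assumption: VLAN carrying the control application


@dataclass(frozen=True)
class Frame:
    dst: bytes
    src: bytes
    vlan_id: Optional[int]   # None for untagged frames
    ethertype: int
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Parse the Ethernet header and an optional single 802.1Q tag."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = raw[0:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    vlan_id, offset = None, 14
    if ethertype == ETHERTYPE_VLAN:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan_id = tci & 0x0FFF          # drop PCP/DEI bits, keep the 12-bit VID
        offset = 18
    return Frame(dst, src, vlan_id, ethertype, raw[offset:])


def build_frame(dst: bytes, src: bytes, payload: bytes,
                vlan_id: Optional[int] = None, pcp: int = 0,
                ethertype: int = ETHERTYPE_IPV4) -> bytes:
    """Construct a tagged or untagged frame for the demo capture."""
    header = dst + src
    if vlan_id is not None:
        tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)
        header += struct.pack("!HHH", ETHERTYPE_VLAN, tci, ethertype)
    else:
        header += struct.pack("!H", ethertype)
    return header + payload


def filter_application(raw_frames: List[bytes], vlan_id: int) -> List[Frame]:
    """Keep only frames tagged with the application's VLAN.

    Untagged and malformed frames are dropped: the filter never assigns an
    unidentifiable frame to an application.
    """
    selected = []
    for raw in raw_frames:
        try:
            frame = parse_frame(raw)
        except ValueError:
            continue
        if frame.vlan_id == vlan_id:
            selected.append(frame)
    return selected


# Constructed capture as taps on a dual bus might deliver it.
MAC_FIELD_DEVICE = bytes.fromhex("020000000013")
MAC_DIAG_SERVER = bytes.fromhex("020000000014")
CAPTURE = [
    build_frame(MAC_DIAG_SERVER, MAC_FIELD_DEVICE, b"syslog: fan speed ok", DIAGNOSIS_VLAN),
    build_frame(MAC_FIELD_DEVICE, MAC_DIAG_SERVER, b"control: setpoint 42", CONTROL_VLAN, pcp=7),
    build_frame(MAC_DIAG_SERVER, MAC_FIELD_DEVICE, b"snmp trap: link up", DIAGNOSIS_VLAN, pcp=3),
    build_frame(MAC_DIAG_SERVER, MAC_FIELD_DEVICE, b"untagged frame"),
    b"\x00\x01",   # runt frame, must not crash the filter
]


def diagnosis_payloads(capture: List[bytes] = CAPTURE) -> List[bytes]:
    """Payloads of the first application (diagnosis VLAN) in the capture."""
    return [f.payload for f in filter_application(capture, DIAGNOSIS_VLAN)]


if __name__ == "__main__":
    for payload in diagnosis_payloads():
        print(payload.decode())
```

The priority bits are masked deliberately: a control frame sent with PCP 7 still belongs to VLAN 200, and a filter that compared the whole TCI would silently mis-classify it.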
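
The reconstruction unit 20 of the arrangement 10 compares first data that the two taps delivered redundantly, uses just one copy, and reconstructs the communication from request messages and only those responses that belong to them within a prescribed interval. The following is an added example of that logic, not code from the patent or from Siemens. The packet records, tap names and the transaction id that links a response to its request are assumptions constructed for the demo; in a real capture the id would be read from the application protocol.

```python
"""Reconstruction unit for the first application (added example, not the
patent's own code).

Deduplicates packets copied by both monitoring devices, pairs each response
with the request carrying the same transaction id if it arrived within the
allowed interval, and reports everything that could not be associated.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Captured:
    tap: str        # monitoring device that copied the packet, e.g. "17.1"
    ts: float       # capture time in seconds
    kind: str       # "request" or "response"
    txn: int        # assumed application-level transaction id
    payload: bytes


@dataclass(frozen=True)
class Exchange:
    txn: int
    request: bytes
    response: bytes
    latency: float


def deduplicate(packets: List[Captured]) -> List[Captured]:
    """Keep one copy per (kind, txn, payload), the earliest one seen."""
    seen: Dict[Tuple[str, int, bytes], Captured] = {}
    for p in sorted(packets, key=lambda p: p.ts):
        seen.setdefault((p.kind, p.txn, p.payload), p)
    return list(seen.values())


def reconstruct(packets: List[Captured], max_interval: float
                ) -> Tuple[List[Exchange], List[Tuple[Captured, str]]]:
    """Pair responses with their requests; everything else is reported, not used."""
    pending: Dict[int, Captured] = {}
    exchanges: List[Exchange] = []
    discarded: List[Tuple[Captured, str]] = []
    for p in sorted(deduplicate(packets), key=lambda p: p.ts):
        if p.kind == "request":
            if p.txn in pending:
                discarded.append((p, "request id already pending"))
            else:
                pending[p.txn] = p
        elif p.kind == "response":
            req = pending.pop(p.txn, None)
            if req is None:
                discarded.append((p, "response without matching request"))
            elif p.ts - req.ts > max_interval:
                discarded.append((p, "response outside time window"))
            else:
                exchanges.append(Exchange(p.txn, req.payload, p.payload, p.ts - req.ts))
        else:
            discarded.append((p, "unknown packet kind"))
    for req in pending.values():
        discarded.append((req, "request never answered"))
    return exchanges, discarded


# Constructed capture: txn 1 is seen on both links, txn 3 only on link 16.2
# (as if link 16.1 had failed), txn 7 has no request, txn 2 answers too late.
CAPTURE = [
    Captured("17.1", 0.00, "request", 1, b"GET temperature"),
    Captured("17.2", 0.00, "request", 1, b"GET temperature"),
    Captured("17.1", 0.05, "response", 1, b"temperature=41"),
    Captured("17.2", 0.05, "response", 1, b"temperature=41"),
    Captured("17.2", 0.10, "response", 7, b"stale reply"),
    Captured("17.1", 0.20, "request", 2, b"GET status"),
    Captured("17.2", 0.30, "request", 3, b"GET version"),
    Captured("17.2", 0.32, "response", 3, b"version=1.4"),
    Captured("17.1", 3.50, "response", 2, b"status=ok"),
]


def run(capture: List[Captured] = CAPTURE, max_interval: float = 1.0):
    return reconstruct(capture, max_interval)


if __name__ == "__main__":
    exchanges, discarded = run()
    for e in exchanges:
        print(f"txn {e.txn}: {e.request!r} -> {e.response!r} ({e.latency:.2f}s)")
    for p, reason in discarded:
        print(f"discarded txn {p.txn} from tap {p.tap}: {reason}")
```

Only exchanges that survive both checks reach the data server; the discarded list is what a surveillance function would raise a warning on, as the description suggests for erroneous communication.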

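The data memory unit 18 stores each captured record together with its transmission instant and a digital signature computed over data and time, so that later manipulation can be discerned and evaluation restricted to correctly signed records. The following is an added example of such a store, not code from the patent or from Siemens. It assumes an HMAC under a key held by the data memory unit as a stand-in for the digital signature, so that it runs with the standard library alone; a deployment would use an asymmetric signature so that whoever verifies the archive does not need the signing key. The records are constructed for the demo.

```python
"""Data memory unit with signed transmission instants (added example, not the
patent's own code).

Each stored record carries a tag over (tap, instant, data). verified_records()
separates intact records from ones whose data or instant changed after storage.
Assumption: HMAC-SHA256 stands in for the digital signature of the description.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

SIGNED_FIELDS = ("tap", "instant", "data")


class DataMemoryUnit:
    def __init__(self, key: bytes):
        self._key = key
        self._records: List[Dict] = []

    def _tag(self, record: Dict) -> str:
        # Canonical encoding so the same fields always produce the same tag.
        canonical = json.dumps({k: record[k] for k in SIGNED_FIELDS},
                               sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, canonical, hashlib.sha256).hexdigest()

    def store(self, raw: bytes, instant: float, tap: str) -> Dict:
        """Store a captured packet unfiltered, with its transmission instant."""
        record = {"tap": tap, "instant": instant, "data": raw.hex()}
        record["tag"] = self._tag(record)
        self._records.append(record)
        return record

    def records(self) -> List[Dict]:
        return self._records

    def verified_records(self) -> Tuple[List[Dict], List[int]]:
        """Return records whose tag still matches, and the indices of those
        that do not (data or instant altered after storage)."""
        good, bad = [], []
        for index, record in enumerate(self._records):
            if hmac.compare_digest(record["tag"], self._tag(record)):
                good.append(record)
            else:
                bad.append(index)
        return good, bad


def demo() -> Tuple[List[str], List[int]]:
    """Store three captures, tamper with two of them after the fact, verify."""
    unit = DataMemoryUnit(key=b"constructed demo key, not a real secret")
    unit.store(b"syslog: fan speed ok", 1000.0, "17.1")
    unit.store(b"snmp trap: link up", 1000.5, "17.2")
    unit.store(b"syslog: temperature 41", 1001.0, "17.1")
    stored = unit.records()
    stored[1]["data"] = b"snmp trap: link down".hex()   # payload altered after storage
    stored[2]["instant"] = 900.0                         # transmission instant back-dated
    good, bad = unit.verified_records()
    return [bytes.fromhex(r["data"]).decode() for r in good], bad


if __name__ == "__main__":
    intact, rejected = demo()
    print("intact:", intact)
    print("rejected record indices:", rejected)
```

Tagging the instant together with the data is the point: a back-dated timestamp is caught exactly like an altered payload, which is what makes the archive usable as evidence for a licensed network.
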
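For the return channel of FIG. 4, the reconstruction unit 120 outputs the reconstructed second data to the data server 121 only when the acknowledgement message can be associated with the start message; a transfer the external loading server never acknowledged, or data without a start message, is withheld. The following is an added example of that gating, not code from the patent or from Siemens. The session identifier tying start, data and acknowledgement together, the message kinds and the time limit are assumptions constructed for the demo.

```python
"""Return-channel reconstruction for FIG. 4 (added example, not the patent's
own code).

Consumes the messages that monitoring unit 117 copied from link 126 and
releases a transfer to the loading server in the first network only once its
acknowledgement has been seen and matched to its start message.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Captured:
    ts: float
    kind: str        # "start", "data" or "ack"
    session: str     # assumed id linking start, data and ack of one transfer
    payload: bytes = b""


@dataclass
class Transfer:
    start_ts: float
    chunks: List[bytes] = field(default_factory=list)


class ReturnChannelReconstructor:
    def __init__(self, max_duration: float):
        self.max_duration = max_duration
        self.open: Dict[str, Transfer] = {}
        self.released: Dict[str, bytes] = {}
        self.rejected: List[Tuple[Captured, str]] = []

    def feed(self, p: Captured) -> Optional[bytes]:
        """Consume one captured message; return the data only on release."""
        transfer = self.open.get(p.session)
        if p.kind == "start":
            if transfer is not None:
                self.rejected.append((p, "start while transfer already open"))
                del self.open[p.session]        # ambiguous: drop both attempts
            else:
                self.open[p.session] = Transfer(p.ts)
            return None
        if transfer is None:
            self.rejected.append((p, "no start message for this session"))
            return None
        if p.ts - transfer.start_ts > self.max_duration:
            self.rejected.append((p, "transfer exceeded time limit"))
            del self.open[p.session]
            return None
        if p.kind == "data":
            transfer.chunks.append(p.payload)
            return None
        if p.kind == "ack":
            del self.open[p.session]
            if not transfer.chunks:
                self.rejected.append((p, "acknowledgement without data"))
                return None
            blob = b"".join(transfer.chunks)
            self.released[p.session] = blob
            return blob
        self.rejected.append((p, "unknown message kind"))
        return None


# Constructed capture from monitoring unit 117 on link 126:
#   A: complete transfer, released
#   B: never acknowledged (validation did not finish), stays withheld
#   C: data and ack without a start message, rejected
CAPTURE = [
    Captured(0.0, "start", "A"),
    Captured(0.1, "data", "A", b"firmware-part-1;"),
    Captured(0.2, "data", "A", b"firmware-part-2"),
    Captured(0.5, "start", "B"),
    Captured(0.6, "data", "B", b"config-v9"),
    Captured(0.9, "ack", "A"),
    Captured(1.0, "data", "C", b"unsolicited"),
    Captured(1.1, "ack", "C"),
]


def run(capture: List[Captured] = CAPTURE, max_duration: float = 60.0):
    unit = ReturnChannelReconstructor(max_duration)
    for p in capture:
        unit.feed(p)
    return unit.released, [reason for _, reason in unit.rejected], sorted(unit.open)


if __name__ == "__main__":
    released, rejected, withheld = run()
    print("released:", released)
    print("rejected:", rejected)
    print("still withheld:", withheld)
```

Nothing in this unit sends anything back into the second network; it only decides, from what the tap already saw, whether the loading server in the first network may receive the data, which is the decoupling property the description relies on.
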

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE102015214993.5 2015-08-06
DE102015214993.5A DE102015214993A1 (de) 2015-08-06 2015-08-06 Verfahren und Anordnung zur rückwirkungsfreien Übertragung von Daten zwischen Netzwerken
PCT/EP2016/064783 WO2017021060A1 (de) 2015-08-06 2016-06-27 Verfahren und anordnung zur rückwirkungsfreien übertragung von daten zwischen netzwerken

Publications (2)

Publication Number Publication Date
US20180375876A1 US20180375876A1 (en) 2018-12-27
US11063957B2 true US11063957B2 (en) 2021-07-13

Family

ID=56511536

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/742,930 Active 2036-09-06 US11063957B2 (en) 2015-08-06 2016-06-27 Method and arrangement for decoupled transmission of data between networks

Country Status (8)

Country Link
US (1) US11063957B2 (de)
EP (1) EP3295645B1 (de)
CN (1) CN107852415B (de)
DE (1) DE102015214993A1 (de)
ES (1) ES2918423T3 (de)
HU (1) HUE059244T2 (de)
PL (1) PL3295645T3 (de)
WO (1) WO2017021060A1 (de)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102017203590A1 (de) * 2017-03-06 2018-09-06 Siemens Aktiengesellschaft Verfahren und Anordnung zum rückwirkungsfreien Übermitteln von Informationen
SG10202105475YA (en) * 2017-07-10 2021-07-29 Bgc Partners Lp Networks for packet monitoring and replay
DE102017217432A1 (de) 2017-09-29 2019-04-04 Siemens Mobility GmbH Konzept zum unidirektionalen Übertragen von Daten
CN110336818A (zh) * 2019-07-08 2019-10-15 郑州黑猫数字科技有限公司 一种基于数据感知的安全数据采集方法及系统
EP3772206A1 (de) * 2019-07-31 2021-02-03 Siemens Aktiengesellschaft Netzwerkadapter zur unidirektionalen übertragung von daten
DE102019211787A1 (de) * 2019-08-06 2021-02-11 Siemens Mobility GmbH Verfahren und Kommunikationseinrichtung zur Datenübertragung zwischen Netzwerken, insbesondere mit unterschiedlicher Sicherheitsanforderungen
US11297071B2 (en) * 2020-05-12 2022-04-05 Siemens Mobility GmbH Time-stamping for industrial unidirectional communication device with data integrity management
US12047460B2 (en) * 2022-12-01 2024-07-23 Saudi Arabian Oil Company Cross-communication links for a unidirectional, bilateral data network
AT526785B1 (de) * 2023-08-07 2024-07-15 Creative Bits Og Vorrichtung zum anlassbezogenen Unterbrechen einer zwei Netzwerkschnittstellen verbindenden Signalleitung

Patent Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6453345B2 (en) * 1996-11-06 2002-09-17 Datadirect Networks, Inc. Network security and surveillance system
US20040268151A1 (en) * 2003-04-07 2004-12-30 Tokyo Electron Limited Maintenance/diagnosis data storage server
US20050129033A1 (en) 2003-12-13 2005-06-16 Gordy Stephen C. Network tap for use with multiple attached devices
US8068415B2 (en) 2007-04-18 2011-11-29 Owl Computing Technologies, Inc. Secure one-way data transfer using communication interface circuitry
US20090002150A1 (en) * 2007-06-29 2009-01-01 Gita Technologies, Ltd. Protection of control networks using a one-way link
US20110150220A1 (en) * 2007-11-30 2011-06-23 Thales Method for Securing a Bi-Directional Communication Channel and Device for Implementing said Method
US8959045B2 (en) 2008-08-19 2015-02-17 Northrop Grumman Systems Corporation System and method for information sharing across security boundaries
US20100162399A1 (en) 2008-12-18 2010-06-24 At&T Intellectual Property I, L.P. Methods, apparatus, and computer program products that monitor and protect home and small office networks from botnet and malware activity
US20120291089A1 (en) 2011-05-13 2012-11-15 Raytheon Company Method and system for cross-domain data security
US20150215075A1 (en) * 2012-09-20 2015-07-30 Korea Electric Power Corporation System and method for unidirectional data transmission
US20150007316A1 (en) * 2013-06-28 2015-01-01 Omer Ben-Shalom Rootkit detection by using hw resources to detect inconsistencies in network traffic
US20160295410A1 (en) * 2013-12-20 2016-10-06 Mcafee, Inc. Security gateway for a regional/home network
CN104410623A (zh) 2014-11-27 2015-03-11 柳州市网中网络策划中心 因特网管理系统
DE102014226398A1 (de) 2014-12-18 2016-06-23 Siemens Aktiengesellschaft Verfahren und Vorrichtung zum rückwirkungsfreien Erfassen von Daten
WO2016156063A1 (de) 2015-03-31 2016-10-06 Siemens Aktiengesellschaft Einweg-koppelvorrichtung, anfrageeinrichtung und verfahren zum rückwirkungsfreien übertragen von daten
CN107409139A (zh) 2015-03-31 2017-11-28 西门子公司 用于无反馈地传输数据的单路耦合装置、询问机构和方法
US20180124121A1 (en) 2015-03-31 2018-05-03 Siemens Aktiengesellschaft One-way coupling device, request apparatus and method for feedback-free transmission of data
WO2017190997A1 (de) 2016-05-02 2017-11-09 Siemens Aktiengesellschaft Verfahren und integritätsprüfsystem zur rückwirkungsfreien integritätsüberwachung
US20190149557A1 (en) 2016-05-02 2019-05-16 Siemens Aktiengesellschaft Method and integrity checking system for decoupled integrity monitoring

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PCT International Search Report corresponding to PCT International Application No. PCT/EP2016/064783 filed Jun. 27, 2016.

Also Published As

Publication number Publication date
WO2017021060A1 (de) 2017-02-09
PL3295645T3 (pl) 2022-09-26
CN107852415B (zh) 2021-08-20
US20180375876A1 (en) 2018-12-27
EP3295645B1 (de) 2022-06-08
EP3295645A1 (de) 2018-03-21
DE102015214993A1 (de) 2017-02-09
ES2918423T3 (es) 2022-07-15
HUE059244T2 (hu) 2022-11-28
CN107852415A (zh) 2018-03-27


Legal Events

Code Title Description
AS Assignment Owner name: SIEMENS AKTIENGESELLSCHAFT, GERMANY; Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BLOECHER, UWE;FALK, RAINER;REINERT, JENS;AND OTHERS;SIGNING DATES FROM 20171212 TO 20171213;REEL/FRAME:044568/0516
FEPP Fee payment procedure ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY
STPP Information on status: patent application and granting procedure in general DOCKETED NEW CASE - READY FOR EXAMINATION
STPP Information on status: patent application and granting procedure in general NON FINAL ACTION MAILED
STPP Information on status: patent application and granting procedure in general RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER
STPP Information on status: patent application and granting procedure in general FINAL REJECTION MAILED
STPP Information on status: patent application and granting procedure in general RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER
STPP Information on status: patent application and granting procedure in general NON FINAL ACTION MAILED
STPP Information on status: patent application and granting procedure in general RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER
STPP Information on status: patent application and granting procedure in general NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS
STPP Information on status: patent application and granting procedure in general PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED
STPP Information on status: patent application and granting procedure in general PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED
STCF Information on status: patent grant PATENTED CASE